. home.aspx



Oracle Patches 301 Vulnerabilities in October Update

October 18, 2018 / Sean Michael Kerner

Oracle's final Critical Patch Update (CPU) for 2018 is now available, patching 301 vulnerabilities spread across Oracle's product portfolio. Of the 301 vulnerabilities, 49 are rated with a CVSS (Common Vulnerabilities Security Scoring) score of 9.0 or higher, with only a single issue garnering the top severity rating of 10.0 The October CPU became generally available on Oct.16 and includes patches for both first-party and third-party components that Oracle develops and ships in its products. "As with previous Critical Patch Update releases, a significant proportion of the patches is for third-party components (non-Oracle CVEs, including open source components)," Eric Maurice, director of security assurance at Oracle.